Author: Duncan Swinscow-Hall

What does artificial intelligence mean for cyber security? Prof Chris Hankin speaks to the House of Lords Select Committee.

Cyber attacks are considered one of the major threats for national security by the UK government. Artificial intelligence is considered to be a technology with major potential benefit. But what happens when these two worlds combine?

That’s exactly what the House of Lords Select Committee on Artificial Intelligence wanted to know. To find out more, they recently called in Professor Chris Hankin, Co-Director of the Institute for Security Science and Technology, to provide the panel with professional insight.

Below is a cut and edited summary of the evidence session. Some of the questions included have been rephrased. You can watch the full session online here.

Can we trust cyber-physical systems?

A post by Professor Emil Lupu, Associate Director of the ISST and Director of the Academic Centre of Excellence in Cyber Security Research.

It’s often reported that we can expect 30 billion IoT devices in the world by 2020, creating webs of cyber-physical systems that combine the digital, physical and human dimensions.

In the not too distant future, an autonomous car will zip you through the ‘smart’ city, conversing with the nearby vehicles and infrastructure to adapt its route and speed. As you sit in the back seat, tiny medical devices might measure your vitals and send updates to your doctor for your upcoming appointment.

The Security of Driverless Cars

A post by Dr Deeph Chana, Deputy Director for the Institute for Security Science and Technology. This blog first appeared as an opinion piece on GATEway project website, 19 September 2017. 

The opportunities that driverless vehicles present are undoubtedly profound. None more so than the emergence of multi-modal transport services (trains, planes, automobiles … and boats) that will intelligently cooperate to take us from A to B without any human intervention.

Replacing the old biological controllers — namely us — the autonomous vehicle will excel in everything from energy efficiency to just being safe. The technology of today already affords us a near-term vision of the car where route planning and optimisation, refuelling and recharging, transactions with services (tolls , shops , parking lots), and authentication and hand-shaking for the purpose of site access control are all automatically achieved by the vehicle, without the human ‘in-the-loop’.

How the Internet of Things poses fresh risks to public sector systems

A post by Professor Chris Hankin, Director ISST. This blog originally appeared on publictechnology.net published 19.06.2017.

With the cyber threat shifting its focus to sabotage rather than data theft, many of the defences deployed by public sector organisations will have to be adapted for the new world.

Information security policies are commonly guided by the CIA triad of confidentiality, integrity and availability. Many of the big security stories in the media relate to confidentiality, where data theft, for example, affects both individuals (eg. personal banking data) but also has a huge economic impact as a result of industrial espionage.

Integrity, or rather its loss, is most evident in the hijacking of websites by “hacktivists” seeking to deface content or replace it with political messages, but can also be associated with data, such as environmental monitoring, stock market trading or consumer price indices.

The Role of Distributed Ledgers in Securing Urban Infrastructure

A post by Dr Cathy Mulligan (Imperial College), Tony Kenyon (Guardtime) and Kacper Zylka (Imperial College).

Imperial College’s Blockchain research group (IC3RE) together with Guardtime have been investigating how distributed ledger technology – aka Blockchain – can be used to secure digitally-enabled critical infrastructure. Together they are providing an early warning system that embedded sensors have been compromised.

Cities around the globe are under increasing pressure to deliver high quality services to a growing number of citizens. Digital technology is being adopted – in what is sometimes called the ‘smart-city’ – to better manage assets, and deepen understanding of key services like waste, water, power and transport.

How we can secure critical infrastructure against zero-day hacks

A post by Dr Tingting Li, Research Associate at the Institute for Security Science & Technology.

As detailed in the recent Alex Gibney documentary Zero Days: Nuclear Cyber Sabotage, the Stuxnet worm caused havoc in an Iranian nuclear facility by exploiting unknown – and hence unprotected – weaknesses in the computer control system; so called zero-day weaknesses.

At Imperial ISST we’ve shown that the risk of a cyber-attack like Stuxnet being successful can be reduced by strategically defending the known weaknesses. We can model the relative risks in the system without foreknowledge of potential zero-day weaknesses, and maximise security by focusing defences on higher impact risks.

Worms, birds and insects inspire the robots of the future

A post by Dr Silvia Ardila-Jiménez, Post-doctoral Research Associate, Imperial College London

The development of autonomous systems is one of the technology trends driving the fourth industrial revolution. Autonomous systems in transportation are perhaps the most widely talked about, but beyond this we’re already seeing systems deployed in sectors like environmental monitoring and agriculture.

The range of potential applications is huge: search and rescue, border surveillance, construction, energy, health, sports and recreation, agriculture, and food and water security to name a few. And whilst advances in this area are vast – fueled by machine learning, data science, robotics etc. – no man-made system can perform at the level of living organisms.

The interaction between safety and security

A post by Professor Chris Hankin, Director ISST

Increasing digitization has led to convergence between IT (Information Technology) used in offices and mobile devices, and OT (Operational Technology) that controls devices used in critical infrastructure and industrial control systems. The IoT (Internet of Things) is also rapidly growing, with around 10 billion devices today.

These trends raise concerns about the interaction between safety and security. The reality of the threat has been highlighted in national news coverage, from cyber security vulnerabilities being exploited to compromise vehicle safety, to denial of service attacks launched from consumer devices.

Discussions are sometimes hampered by the lack of clear definitions of the concepts.